HPE Business Insights
Showing results for 
Search instead for 
Do you mean 

IT execs: Integrate security and Ops to cut costs and reduce waste

MichaelGarrett on ‎07-30-2014 11:07 AM

michael-garrett2.jpgSecurity is changing. Ten years ago we used to worry about worms and viruses. As a result enterprises focused on perimeter defense. But high profile security incidents like the Target breach exploit internal weaknesses. Security now must cover more extensive ground—and as it does so it overlaps with territory covered by IT operations.


This new vulnerability is worrisome—especially if you’re the one trying to protect sensitive corporate data. But it also presents an opportunity for IT to cut costs, improve efficiency, and reduce waste. (If you’re concerned about security, come talk to our HP Software Professional Services experts at HP Protect.)


The common ground between Security and Operations

What does IT security do at its most basic function? It monitors and detects. And when security finds something it reacts and fixes it.


But that’s also what IT Ops does. Events management, incident management, and so on are classic break-fix IT Ops activities. As part of its prevention and governance activities IT Ops also performs a number of scans. Ops scans the environment and sees, for example, that the right patches are installed, the configurations are correct, and the right policies are applied when new devices come on the network.


So you have Ops doing configuration management, Ops doing event and incident management, and Ops doing testing. At the same time, security is doing exactly the same thing. But they’re using different tools and different processes. And they are losing the benefit of scale.


The benefit of scale

Imagine if you went to the hospital and there was an X-ray function for the orthopedic department and an X-ray function for the pediatric department. That wouldn’t make any sense. It’s the same discipline, whether you are looking at children’s bones or adults’. Hospitals have consolidated pediatric and orthopedic X-ray departments, and the benefit is scale and efficiency.


Right now IT is losing the benefit of scale when it comes to security and operations. It’s more expensive to set up a replica from scratch than it is to add the delta onto an existing capability. It’s a lot more cost effective and process effective to say, “Okay. We’re going to take what we already have, and extend it to meet the needs from security.” But in most organisations, security does its own thing, runs its own scans, and keeps its own database of configurations.


Execs must drive the change

HP has the technology and the services that allow you to integrate the two functions. The biggest challenge, however, is changing the mindset and driving organisational change. And this is where an executive can make the biggest difference. It’s really up to execs to say, “You will align on common processes, you will agree on a data model, you will consolidate tools, you will implement the integrations, and you will do all of the rest.”


It’s not easy. But there is a precedent. Look at application testing, for example. Ten or 15 years ago, you wouldn’t get QA engineers talking to developers. They hated each other. Why? Because QA would go in and say, “Look at all these bugs.” They exposed the deficiencies of the work the developers did.


But once the two functions realised it wasn’t about ego, it was about producing a quality product, the teams saw a mutual benefit. Then people understood that testing is actually good for you. It saves you money, it makes your product better, it’s good for everyone. As the technology matured, organisations integrated their processes. This is the journey we need to take with security and operations.


Learn more about Converged Security.


Related links:

About the Author


Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
1-3 December 2015
Discover 2015 London
Discover 2015 in London, the ultimate showcase technology event for business and IT professionals to learn, connect, and grow.
Read more
November 2015
Software Online Expert Days
Join us online to talk directly with our Software experts.
Read more
View all